{"uuid": "ffa31f00-a989-47fb-aa25-bc20be106166", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37887", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15686", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37887\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\npds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result\n\nIf the FW doesn't support the PDS_CORE_CMD_FW_CONTROL command\nthe driver might at the least print garbage and at the worst\ncrash when the user runs the \"devlink dev info\" devlink command.\n\nThis happens because the stack variable fw_list is not 0\ninitialized which results in fw_list.num_fw_slots being a\ngarbage value from the stack.  Then the driver tries to access\nfw_list.fw_names[i] with i >= ARRAY_SIZE and runs off the end\nof the array.\n\nFix this by initializing the fw_list and by not failing\ncompletely if the devcmd fails because other useful information\nis printed via devlink dev info even if the devcmd fails.\n\ud83d\udccf Published: 2025-05-09T06:45:49.492Z\n\ud83d\udccf Modified: 2025-05-09T06:45:49.492Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/cdd784c96fe2e5edbf0ed9b3e96fe776e8092385\n2. https://git.kernel.org/stable/c/6702f5c6b22deaa95bf84f526148174a160a02cb\n3. https://git.kernel.org/stable/c/12a4651a80dbe4589a84e26785fbbe1ed4d043b7\n4. https://git.kernel.org/stable/c/2567daad69cd1107fc0ec29b1615f110d7cf7385", "creation_timestamp": "2025-05-09T07:25:27.000000Z"}